Laptop bogged down with?


19 replies to this topic

#1 cyberski

  • Members
  • 42 posts
  • Gender:Male
  • Location:Northern Wisconsin

Posted 27 January 2011 - 08:07 PM

Hello all...
Over the past couple of weeks my laptop (64-bit Win 7) has become very sluggish while in use. While using Firefox it has been the most noticeable, but it also bogs down using IE or Chrome, and/or just running Windows Explorer or programs. I have run Malwarebytes, SUPERAntiSpyware, and avast! anti-virus and they have found nothing outside of a few cookies, etc... I'm at a loss as to what to do with it anymore, so I come here (again) for help.

Thank You...

Jim


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Hoochie addy at 18:37:38.70 on Thu 01/27/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2715 [GMT -6:00]

AV: Emsisoft Anti-Malware *Disabled/Updated* {607A6E45-BE50-AFD5-4F70-7EAAEC5B715D}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Emsisoft Anti-Malware *Disabled/Updated* {DB1B8FA1-986A-A05B-75C0-45D897DC3BE0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
C:\Program Files (x86)\Mamutu\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mamutu\mamutu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?rls=ig
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Comodo VerificationEngine: {a968a4b4-c492-4834-b651-17602c3885c8} - C:\Program Files (x86)\Comodo\VEngine\VEngineIE32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Google Update] "C:\Users\Hoochie addy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [Mamutu Guard] "C:\PROGRAM FILES (X86)\MAMUTU\mamutu.exe" /silent
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {AE6DD181-23EB-4A8A-A873-816F38CF7112} = 156.154.70.22,156.154.71.22
TCP: {D049B8F1-C64F-4284-9DF3-CD83101611E8} = 156.154.70.22,156.154.71.22
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Comodo VerificationEngine: {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\VEngineIE64.dll
BHO-X64: Comodo VerificationEngine Browser Helper NEW - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
AppInit_DLLs-X64: C:\Windows\system32\guard64.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\HOOCHI~1\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hoochie addy\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Hoochie addy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AFOM Addon: afom@idevfh - %profile%\extensions\afom@idevfh
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca
FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net
FF - Ext: Element Properties: properties@darktrojan.net - %profile%\extensions\properties@darktrojan.net
FF - Ext: Undo Closed Tabs Button: undoclosedtabsbutton@supernova00.biz - %profile%\extensions\undoclosedtabsbutton@supernova00.biz
FF - Ext: VTzilla: vtzilla@virustotal.com - %profile%\extensions\vtzilla@virustotal.com
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: zoomFox: {79fcaa13-5f29-4c33-aad7-6c48c175760a} - %profile%\extensions\{79fcaa13-5f29-4c33-aad7-6c48c175760a}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
FF - Ext: IE View Lite: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} - %profile%\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

============= SERVICES / DRIVERS ===============

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? epmntdrv;epmntdrv
R? EuGdiDrv;EuGdiDrv
R? FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance
R? gupdate1ca05213a9897f8;Google Update Service (gupdate1ca05213a9897f8)
R? SASDIFSV;SASDIFSV
R? SASENUM;SASENUM
R? SASKUTIL;SASKUTIL
R? WatAdminSvc;Windows Activation Technologies Service
S? a2acc;a2acc
S? a2AntiMalware;a-squared Anti-Malware Service
S? a2injectiondriver;a2injectiondriver
S? a2util;a-squared Malware-IDS utility driver
S? AMD External Events Utility;AMD External Events Utility
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? CAXHWAZL;CAXHWAZL
S? CLBStor;InstantBurn Storage Helper Driver
S? CLBUDF;CLBUDF
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? cmdHlp;COMODO Internet Security Helper Driver
S? cpuz135;cpuz135
S? ePowerSvc;Acer ePower Service
S? HsfXAudioService;HsfXAudioService
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? KeyScrambler;KeyScrambler
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lavasoft Kernexplorer;Lavasoft helper driver
S? Lbd;Lbd
S? Mamutu;Mamutu Service
S? netr28x;Ralink 802.11n Extensible Wireless Driver
S? NTI IScheduleSvc;NTI IScheduleSvc
S? sbapifs;sbapifs
S? SBRE;SBRE
S? TomTomHOMEService;TomTomHOMEService
S? usbfilter;AMD USB Filter Driver
S? vwififlt;Virtual WiFi Filter Driver

=============== Created Last 30 ================

2011-01-25 23:45:51 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F770C880-0FD7-4E52-8924-CDB641C0C639}\mpengine.dll
2011-01-23 09:34:45 -------- d-----w- C:\PROGRA~3\Licenses
2011-01-23 09:23:05 -------- d-----w- C:\Users\HOOCHI~1\AppData\Roaming\Engelmann Media
2011-01-23 09:22:51 -------- d-----w- C:\Program Files (x86)\Engelmann Media
2011-01-23 09:22:50 -------- d-----w- C:\Program Files (x86)\Common Files\HDX4
2011-01-21 18:30:06 311296 ----a-w- C:\Windows\SysWow64\EMRegSys.dll
2011-01-17 21:59:46 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9
2011-01-13 23:40:40 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2011-01-13 23:39:33 -------- d-----w- C:\Program Files (x86)\GmailDefaultMaker
2011-01-13 09:40:29 -------- d-----w- C:\PROGRA~3\ProcessLasso
2011-01-12 04:06:52 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 04:06:51 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 04:06:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 04:06:50 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 04:06:49 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 04:06:49 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 04:06:48 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 04:06:47 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 04:06:47 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 04:06:46 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 00:19:08 -------- d-----w- C:\Program Files (x86)\Audacity
2011-01-11 22:36:53 -------- d-----w- C:\Program Files (x86)\Inpaint
2011-01-06 23:37:00 39888 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-01-06 23:36:58 250008 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-01-06 23:36:58 14184 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-01-04 04:04:13 -------- d-----w- C:\Windows\XSxS
2011-01-04 04:04:13 -------- d-----w- C:\Program Files (x86)\Xenocode
2011-01-03 06:24:10 -------- d-----w- C:\Program Files (x86)\SpeedFan
2011-01-01 21:57:19 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2010-12-31 23:19:04 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2010-12-31 23:19:02 -------- d-----w- C:\Program Files\CPUID
2010-12-29 07:42:04 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2010-12-29 07:42:02 362784 ----a-w- C:\Windows\System32\guard64.dll
2010-12-29 00:52:56 -------- d-----w- C:\Program Files (x86)\iCare Data Recovery

==================== Find3M ====================

2011-01-22 07:37:39 1004 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-12-27 21:03:21 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-03 09:05:36 64600 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2010-12-03 09:05:34 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2010-11-19 23:39:44 57344 ----a-w- C:\Windows\SysWow64\CleanMem.exe
2010-11-13 00:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

============= FINISH: 18:51:50.52 ===============


#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 03 February 2011 - 01:44 PM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle

#3 cyberski
  • Topic Starter

  • Members
  • 42 posts
  • Gender:Male
  • Location:Northern Wisconsin

Posted 03 February 2011 - 07:30 PM

Hello and welcome to Bleeping Computer :welcome:

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

Elle

Hi Elle and thanks for looking at my situation.

My problem(s) are the same as I posted in my first post. Basically my laptop as a whole is running very sluggishly. Everything from Firefox, Chrome, Windows Explorer, to IrfanView and Paint Shop Pro, all are affected at times. I have run Malwarebytes, SUPERAntiSpyware, avast!, etc., and they have found nothing but a few cookies. I have to believe that something is hanging around running in the background that is causing this behavior, and I don't know where else to look for a fix.

Here is the current DDS text log. I have attached the attach.txt log also. I did not run GMER because I am running Windows 7 64-bit.
Thank You...
Jim
***********************************************

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Hoochie addy at 17:57:28.92 on Thu 02/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2289 [GMT -6:00]

AV: Emsisoft Anti-Malware *Enabled/Updated* {607A6E45-BE50-AFD5-4F70-7EAAEC5B715D}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Emsisoft Anti-Malware *Enabled/Updated* {DB1B8FA1-986A-A05B-75C0-45D897DC3BE0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
C:\Program Files (x86)\Mamutu\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Mamutu\mamutu.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\prevhost.exe
C:\Users\Hoochie addy\Desktop\bleeping\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?rls=ig
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Comodo VerificationEngine: {a968a4b4-c492-4834-b651-17602c3885c8} - C:\Program Files (x86)\Comodo\VEngine\VEngineIE32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Google Update] "C:\Users\Hoochie addy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [Mamutu Guard] "C:\PROGRAM FILES (X86)\MAMUTU\mamutu.exe" /silent
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {AE6DD181-23EB-4A8A-A873-816F38CF7112} = 156.154.70.22,156.154.71.22
TCP: {D049B8F1-C64F-4284-9DF3-CD83101611E8} = 156.154.70.22,156.154.71.22
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Comodo VerificationEngine: {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\VEngineIE64.dll
BHO-X64: Comodo VerificationEngine Browser Helper NEW - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
AppInit_DLLs-X64: C:\Windows\system32\guard64.dll

================= FIREFOX ===================

FF - ProfilePath - C:\Users\HOOCHI~1\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: C:\Users\Hoochie addy\AppData\Roaming\Mozilla\Firefox\Profiles\dwv5opwk.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Hoochie addy\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Hoochie addy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AFOM Addon: afom@idevfh - %profile%\extensions\afom@idevfh
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: Lazarus: Form Recovery: lazarus@interclue.com - %profile%\extensions\lazarus@interclue.com
FF - Ext: NoSquint: nosquint@urandom.ca - %profile%\extensions\nosquint@urandom.ca
FF - Ext: TACO with Abine: optout@dubfire.net - %profile%\extensions\optout@dubfire.net
FF - Ext: Element Properties: properties@darktrojan.net - %profile%\extensions\properties@darktrojan.net
FF - Ext: Undo Closed Tabs Button: undoclosedtabsbutton@supernova00.biz - %profile%\extensions\undoclosedtabsbutton@supernova00.biz
FF - Ext: VTzilla: vtzilla@virustotal.com - %profile%\extensions\vtzilla@virustotal.com
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: zoomFox: {79fcaa13-5f29-4c33-aad7-6c48c175760a} - %profile%\extensions\{79fcaa13-5f29-4c33-aad7-6c48c175760a}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
FF - Ext: IE View Lite: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3} - %profile%\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
FF - Ext: Fasterfox Lite: FasterFox_Lite@BigRedBrent - %profile%\extensions\FasterFox_Lite@BigRedBrent
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

============= SERVICES / DRIVERS ===============

R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Mamutu\a2dix64.sys [2010-11-30 48216]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Mamutu\a2util64.sys [2010-11-30 14720]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-1-20 273488]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2010-6-28 24560]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-1-20 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-20 62032]
R2 CLBUDF;CLBUDF;C:\Windows\System32\drivers\CLBUDF.sys [2010-6-29 375280]
R3 a2acc;a2acc;C:\Program Files (x86)\a-squared Anti-Malware\a2accx64.sys [2010-5-23 84752]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-5-12 292864]

=============== Created Last 30 ================

2011-02-03 08:16:53 11264 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2011-02-03 08:16:52 2913920 ----a-w- C:\Windows\System32\BootMan.exe
2011-02-03 08:16:52 14848 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2011-02-03 08:16:50 2336384 ----a-w- C:\Windows\SysWow64\BootMan.exe
2011-02-03 08:16:50 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2011-02-03 08:16:49 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2011-02-03 08:16:49 16776 ----a-w- C:\Windows\System32\epmntdrv.sys
2011-02-03 08:16:46 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2011-02-03 08:16:35 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2011-02-03 08:16:34 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2011-02-01 22:12:04 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{4B8A15E7-1757-4C70-9E36-B01CEF340583}\mpengine.dll
2011-01-23 09:34:45 -------- d-----w- C:\PROGRA~3\Licenses
2011-01-23 09:23:05 -------- d-----w- C:\Users\HOOCHI~1\AppData\Roaming\Engelmann Media
2011-01-23 09:22:51 -------- d-----w- C:\Program Files (x86)\Engelmann Media
2011-01-23 09:22:50 -------- d-----w- C:\Program Files (x86)\Common Files\HDX4
2011-01-21 18:30:06 311296 ----a-w- C:\Windows\SysWow64\EMRegSys.dll
2011-01-17 21:59:46 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9
2011-01-13 23:40:40 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry
2011-01-13 23:39:33 -------- d-----w- C:\Program Files (x86)\GmailDefaultMaker
2011-01-13 09:40:29 -------- d-----w- C:\PROGRA~3\ProcessLasso
2011-01-12 04:06:52 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 04:06:51 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 04:06:50 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 04:06:50 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 04:06:49 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 04:06:49 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 04:06:48 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 04:06:47 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 04:06:47 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 04:06:46 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-12 00:19:08 -------- d-----w- C:\Program Files (x86)\Audacity
2011-01-11 22:36:53 -------- d-----w- C:\Program Files (x86)\Inpaint
2011-01-06 23:37:00 39888 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-01-06 23:36:58 250008 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-01-06 23:36:58 14184 ----a-w- C:\Windows\System32\drivers\cmderd.sys

==================== Find3M ====================

2011-01-22 07:37:39 1004 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-01-13 08:47:35 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-12-29 07:42:04 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2010-12-29 07:42:02 362784 ----a-w- C:\Windows\System32\guard64.dll
2010-12-27 21:03:21 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-03 09:05:36 64600 ----a-w- C:\Windows\System32\drivers\sbapifs.sys
2010-12-03 09:05:34 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2010-12-03 09:05:33 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2010-11-19 23:39:44 57344 ----a-w- C:\Windows\SysWow64\CleanMem.exe
2010-11-13 00:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-09 20:35:24 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys

============= FINISH: 18:14:25.04 ===============
[attachment=87089:Attach.txt]

Edited by cyberski, 03 February 2011 - 07:32 PM.

s522Dck.jpg


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:51 AM

Posted 14 February 2011 - 12:57 PM

Hello and I'm terribly sorry for the delay. Somehow this topic was overlooked.

Please let me know if you still need help.

If so, first of all, I have a question. I see you're running a lot of security programs. This can seriously slow things down (overkill, so to say). How much memory does this computer have?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 cyberski

cyberski
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Gender:Male
  • Location:Northern Wisconsin
  • Local time:02:51 AM

Posted 14 February 2011 - 05:09 PM

Hello and I'm terribly sorry for the delay. Somehow this topic was overlooked.

Please let me know if you still need help.

If so, first of all, I have a question. I see you're running a lot of security programs. This can seriously slow things down (overkill, so to say). How much memory does this computer have?

Hi Elise and thanks for checking this out for me.
My laptop is still running the same sluggish behavior as before.

My laptop has 4GB (2 x 2GB) of DDR2-667 SO-DIMM memory. This is the maxed-out capacity that the laptop came with from Gateway. This past weekend I did run the memtest86 program, but only had enough time to test one stick of memory, and it showed no errors with that stick.

Thanks...
Jim

Edited by cyberski, 14 February 2011 - 05:10 PM.



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:51 AM

Posted 14 February 2011 - 05:16 PM

Let's first have a closer look for malware and, if that isn't the case, we can disable some security programs to see if that makes a difference.

From the start I recommend you to uninstall Comodo and SuperAntispyware, since you don't need a third-party firewall on Windows 7 (it has a good inbuilt firewall) and Superantispyware is known to consume quite some resources.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise



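An added check, not code from the thread or from any tool it mentions, that turns the point raised in #4 and #6 (too many overlapping security products slow a machine down, and a third-party firewall is redundant next to the Windows 7 firewall) into something you can run: it lists what Windows Security Center has registered and flags overlapping real-time products. It assumes a client edition of Windows with PowerShell 3 or later (the root/SecurityCenter2 namespace is absent on Server editions), and the decoding of productState is the community interpretation noted in the comments, not a documented format.

```powershell
# Added example: enumerate Security Center product registrations and flag
# overlap. Not part of the original thread.

function ConvertFrom-ProductState {
    # productState is an undocumented bit field. This decoding is the widely
    # used community interpretation (an assumption, not Microsoft-documented):
    # bits 8-15 = scanner status (0x10 or 0x11 means real-time protection on),
    # bits 0-7  = definition status (0x10 means definitions out of date).
    param([int] $State)
    $scanner = ($State -shr 8) -band 0xFF
    $defs    = $State -band 0xFF
    [pscustomobject]@{
        Enabled  = ($scanner -eq 0x10 -or $scanner -eq 0x11)
        Outdated = ($defs -eq 0x10)
    }
}

function Get-SecurityCenterProducts {
    # Query the three Security Center classes and normalise them to one shape.
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        $items = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            $decoded = ConvertFrom-ProductState -State ([int]$p.productState)
            [pscustomobject]@{
                Category = $class -replace 'Product$', ''
                Name     = $p.displayName
                Enabled  = $decoded.Enabled
                Outdated = $decoded.Outdated
                Path     = $p.pathToSignedProductExe
            }
        }
    }
}

function Find-SecurityOverlap {
    # Returns human-readable findings for a list of product records.
    param([object[]] $Products)
    $findings = @()
    $av = @($Products | Where-Object { $_.Category -eq 'AntiVirus' -and $_.Enabled })
    if ($av.Count -gt 1) {
        $names = ($av | ForEach-Object { $_.Name }) -join '; '
        $findings += "Multiple enabled antivirus products (each filters every file access, so they contend with each other): $names"
    }
    $fw = @($Products | Where-Object { $_.Category -eq 'Firewall' -and $_.Enabled -and $_.Name -notmatch 'Windows Firewall' })
    if ($fw.Count -gt 0) {
        $names = ($fw | ForEach-Object { $_.Name }) -join '; '
        $findings += "Third-party firewall present alongside the built-in Windows Firewall: $names"
    }
    foreach ($s in @($Products | Where-Object { $_.Outdated })) {
        $findings += "Definitions out of date: $($s.Name)"
    }
    if ($findings.Count -eq 0) { $findings += 'No overlapping or stale products found.' }
    return $findings
}

# Constructed sample mirroring the AV/SP lines at the top of the DDS log in
# this thread; the Enabled flags follow what DDS reported there, the rest is
# made up for illustration.
$sample = @(
    [pscustomobject]@{ Category='AntiVirus'; Name='Emsisoft Anti-Malware';             Enabled=$false; Outdated=$false; Path='' }
    [pscustomobject]@{ Category='AntiVirus'; Name='avast! Antivirus';                   Enabled=$true;  Outdated=$false; Path='' }
    [pscustomobject]@{ Category='AntiVirus'; Name='Lavasoft Ad-Watch Live! Anti-Virus'; Enabled=$true;  Outdated=$false; Path='' }
    [pscustomobject]@{ Category='Firewall';  Name='COMODO Internet Security';           Enabled=$true;  Outdated=$false; Path='' }
)
"== Sample data from the thread =="
Find-SecurityOverlap -Products $sample

# Live check on the machine the script runs on, if Security Center is present.
if (Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue) {
    "`n== This machine =="
    $live = @(Get-SecurityCenterProducts)
    $live | Format-Table Category, Name, Enabled, Outdated -AutoSize
    Find-SecurityOverlap -Products $live
}
```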

#7 cyberski

cyberski
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Gender:Male
  • Location:Northern Wisconsin
  • Local time:02:51 AM

Posted 15 February 2011 - 12:01 AM

OK, I uninstalled comodo and superantispyware. I then disabled avast, and mamutu and then tried to run combofix from the bleeping link. I clicked to start it, but I get a prompt saying I have a corrupt d/l of combofix, and to try a new d/l. I then try the 2nd link from forospyware but the same prompt comes up. I've included a screenshot of the prompt.

[attachment=88164:combo corrupt.jpg]

Edited by cyberski, 15 February 2011 - 12:01 AM.



#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:51 AM

Posted 15 February 2011 - 03:11 AM

I suspect one of your many security products may interfere.

Please uninstall A-squared and Ad-Aware (you already have Avast as antivirus and those two will only interfere with avast running).

I strongly recommend also to uninstall Mamutu; this program uses behavioral blocking only and may cause all kinds of problems, whilst the advantages are negligible.

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


After uninstalling A-squared, Ad-aware and Mamutu, try to run Combofix again (be sure to disable Avast).

regards, Elise




#9 cyberski

cyberski
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Gender:Male
  • Location:Northern Wisconsin
  • Local time:02:51 AM

Posted 15 February 2011 - 05:33 PM

I uninstalled A-squared, A-squared hijack free, Ad-Aware, and mamutu. Disabled avast and tried to run combofix. After initiating combo, even though avast is disabled, it says that avast is still running and that running combofix would be at my own risk (not exact wording, but close). Then combo starts and creates a registry backup. The cmd screen(?) starts and says the combo is scanning. After a little while it stops but does not create a log. I then try to go online and post here, but I cannot get online. I'm still connected to my wireless but no online access is available. I have to reboot to regain online access. I try again with disabling avast and running combofix, but again it says avast is still running, so I completely uninstall avast and try combo again. After retrying combo, the same thing happens as above. (no internet etc...)
I will be reinstalling avast until you tell me where to go next.

Thanks...
Jim



#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:51 AM

Posted 16 February 2011 - 02:21 AM

You can reinstall Avast. Avast usually does not interfere with Combofix. The internet problems are nothing to worry about; combofix should restore that after it finishes, but since it freezes up, it doesn't get to that.

At this point, how is the slowness?

regards, Elise




#11 cyberski

cyberski
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Gender:Male
  • Location:Northern Wisconsin
  • Local time:02:51 AM

Posted 16 February 2011 - 04:46 AM

You can reinstall Avast. Avast usually does not interfere with Combofix. The internet problems are nothing to worry about; combofix should restore that after it finishes, but since it freezes up, it doesn't get to that.

At this point, how is the slowness?

I haven't really had too much time on the laptop the past couple days to be able to give an accurate assessment. I'll have more free time later today to play around, so I'll post back later today.

Thanks...
Jim



#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:51 AM

Posted 16 February 2011 - 06:46 AM

Okay Jim, please keep me posted. :)

regards, Elise




#13 cyberski

cyberski
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Gender:Male
  • Location:Northern Wisconsin
  • Local time:02:51 AM

Posted 21 February 2011 - 04:14 PM

Okay Jim, please keep me posted. :)

Hi again Elise

My laptop seems to be about 98% fixed now. It still bogs down every once in a while for just a few minutes and then clears up. One thing I did notice though, was I was restarting it and as it was in progress, I got the darkish screen where windows says "xxxx" is still running and do you want to force shutdown. That item was a "floating toolbar". I wasn't paying full attention when that prompt came up, and by the time I did notice it, windows went ahead and restarted, so I didn't get any more info about it except that it was a floating toolbar.



#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:51 AM

Posted 21 February 2011 - 04:20 PM

Hi Jim,
I'm glad to hear things are running fine now. It's not uncommon that a program is not responding on system shutdown; as long as it doesn't happen every time, it's nothing to worry about.

If you still experience regular lags, try to disable, for example, KeyScrambler. This is something, no matter how useful, that can slow things down.

Please launch Malwarebytes Anti-Malware, update it and run a full scan. Post me the resulting log.

regards, Elise




#15 cyberski

cyberski
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Gender:Male
  • Location:Northern Wisconsin
  • Local time:02:51 AM

Posted 21 February 2011 - 11:56 PM

Ok-doky...

Here's the log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5834

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/21/2011 10:52:23 PM
mbam-log-2011-02-21 (22-52-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 394239
Time elapsed: 1 hour(s), 30 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\hoochie addy\AppData\LocalLow\Sun\Java\deployment\cache\6.0\14\320445ce-3e4cf6f4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\hoochie addy\AppData\LocalLow\Sun\Java\deployment\cache\6.0\54\9a34836-7881888c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

